Commit
* updates ppl example * updates ppl example
1 parent b88695c, commit 4c0cb1f
Showing 1 changed file with 6 additions and 6 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,17 +27,17 @@ allow: | |
and: | ||
- domain: | ||
is: example.com | ||
- user: | ||
is: [email protected] | ||
deny: | ||
or: | ||
- user: | ||
- email: | ||
is: [email protected] | ||
- user: | ||
- email: | ||
is: [email protected] | ||
``` | ||
|
||
This policy will allow a user with an email address at `example.com` who **is also** `user`. It will deny `user2` **or** `user3`, regardless of their domain and group membership. | ||
This policy grants access only if the domain portion of a user's email address matches the specified value, `example.com`. | ||
|
||
It will deny access to users with a `[email protected]` **or** `[email protected]` email address. | ||
|
||
## Rules | ||
|
||
|
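Review bot: The replacement prose under the YAML no longer says how `deny` interacts with `allow`. The old sentence ended with "regardless of their domain and group membership"; the two new sentences describe each block on its own, so a reader cannot tell what happens to a denied email address whose domain is `example.com`. Suggest keeping that clause on the deny sentence, for example "It will deny access to users with either of these email addresses, regardless of their domain." Also, if `domain` is now the only criterion under `allow`, the `and:` wrapper has a single entry; either drop it or say in the text that it is kept to show the operator.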
@@ -149,7 +149,7 @@ Entries marked with `*` denote criteria that are only available in the [Enterpri | |
| \* `record` | variable | Allows policies to be extended using data from [external data sources](/docs/integrations) | | ||
| `reject` | Anything. Typically `true`. | Always returns false. The opposite of `accept`. | | ||
| \* `time_of_day` | [Time of Day Matcher] | Returns true if the time of the request (for the current day) matches the constraints. | | ||
| `user` | [String Matcher] | Returns true if the logged-in user's id matches the given value. | | ||
| `user` | [String Matcher] | Returns `true` if the logged-in user's ID matches the supplied value. (The actual value of the user ID claim depends on how the identity provider sets this value.) | | ||
|
||
Entries marked with `*` denote criteria that are only available in the [Enterprise Console](/docs/deploy/enterprise) PPL builder. All other entries are available in both Pomerium Core and Pomerium Enterprise. | ||
|
||
|
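Review bot: The new parenthetical in the `user` row warns that the ID is whatever the identity provider sets, but it does not tell the reader what to use when they want to match an address. The example earlier in this commit moves the `deny` entries from `user` to `email` for values that are email addresses, so this row should say the same thing: point to the `email` criterion for address matching, and name the claim the user ID is read from if that is fixed. This matters most for `deny` rules, where a `user` value that never matches would go unnoticed. Minor: `true` is backticked here while the neighbouring `reject` and `time_of_day` rows write true/false plain; pick one style for the table.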